Legal Policies and Notices

Data Processing Agreement (DPA)

This Data Processing Agreement (DPA) forms part of the existing agreement(s) between Customer and KRYPT, and/or other written or electronic agreement between KRYPT and Customer for the purchase of Services provided by KRYPT to reflect the parties’ agreement with regard to the Processing of Personal Data of Customer. This DPA is subject to the terms of the Agreement (capitalized terms used and not defined herein have the meanings given them in the General Data Protection Regulation 2016/679 (GDPR)).
1. General Terms

This DPA applies to the Processing of Personal Data, within the scope of the EU General Data Protection Regulation 2016/679 (as further defined in Section 11, and hereinafter “GDPR”), by KRYPT on behalf of Customer. Effective May 25, 2018, KRYPT will Process Personal Data in accordance with the GDPR requirements directly applicable to KRYPT’s provision of its Services. This DPA does not limit or reduce any data protection commitments relating to Processing of Customer Data previously negotiated by Customer in the Agreement (including any existing data processing agreement to the Agreement).

By signing this agreement, Customer enters into the DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its Authorized Affiliates, if and to the extent KRYPT Processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, the term “Customer” shall include Customer and Authorized Affiliates, unless otherwise indicated herein.

In the course of providing the Services to Customer pursuant to the Agreement, KRYPT may Process Personal Data on behalf of Customer. KRYPT agrees to comply with the following provisions with respect to any Personal Data Processed for Customer in connection with the provision of the Services. If not otherwise defined in the relevant section.

2. Processing
  • KRYPT shall Process Personal Data in accordance with applicable Data Protection Laws, the GDPR requirements, directly applicable to KRYPT’s provision of its Services. KRYPT shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions and shall treat Personal Data as Confidential Information. Customer instructs KRYPT to Process Personal Data for the following purposes: (i) Processing in accordance with the Agreement and applicable orders; (ii) Processing to comply with other reasonable instructions provided by Customer (e.g., via a support ticket) where such instructions are consistent with the terms of the Agreement, and (iii) Processing of Personal Data that is required under applicable law to which KRYPT or KRYPT Affiliate is subject, including but not limited to applicable Data Protection Laws, in which case KRYPT or the relevant KRYPT Affiliate shall, to the extent permitted by applicable law, inform the Customer of such legally required Processing of Personal Data

Customer shall, in its use or receipt of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Customer will ensure that its instructions for the Processing of Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.

3. Subprocessors
  • Customer acknowledges and agrees that KRYPT may engage subcontractors to Process Personal Data (Subprocessors) on Customer’s behalf.
  • KRYPT shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause KRYPT to breach any of its obligations under this DPA.
  • KRYPT shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes Sub-processors.
  • Customer may object in writing to KRYPT’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying KRYPT promptly in writing within five (5) calendar days of receipt of KRYPT’s notice in accordance with Section 3.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by KRYPT without the use of the objected-to new Sub-processor.
4. Technical and organizational measures
  • KRYPT shall implement and maintain technical and organizational measures to ensure a level of security appropriate to the risk for KRYPT’s scope of responsibility.
  • KRYPT shall ensure that any person who is authorized by KRYPT to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
  • KRYPT will notify Customer without undue delay after becoming aware of a Personal Data Breach with respect to the Services. KRYPT will promptly investigate the Personal Data Breach if it occurred on KRYPT infrastructure or in another area KRYPT is responsible for.
  • KRYPT shall maintain records of its security standards. Upon Customer’s written request, KRYPT shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm KRYPT’s compliance with this DPA, provided that Customer shall not exercise this right more than once per year.
5. Data Subject Rights and Requests
  • To the extent permitted by law, KRYPT will inform Customer of requests from Data Subjects exercising their Data Subject rights (e.g. rectification, deletion and blocking of data) addressed directly to KRYPT regarding Personal Data. Customer shall be responsible for responding to such requests of Data Subjects.
  • If a Data Subject brings a claim directly against KRYPT for a violation of their Data Subject rights, Customer will indemnify KRYPT for any cost, charge, damages, expenses or loss arising from such a claim, to the extent that KRYPT has notified Customer about the claim and given Customer the opportunity to cooperate with KRYPT in the defense and settlement of the claim. Subject to the terms of the Agreement, Customer may claim from KRYPT amounts paid to a Data Subject for a violation of their Data Subject rights caused by KRYPT’s breach of its obligations under GDPR.
6. Third Party Requests and Confidentiality
  • KRYPT will not disclose Personal Data to any third party, unless authorized by the Customer or required by law. If a government or Supervisory Authority demands access to Personal Data, KRYPT will notify Customer prior to disclosure, unless prohibited by law.

KRYPT requires all of its personnel authorized to Process Personal Data to commit themselves to confidentiality and not Process such Personal Data for any other purposes, except on instructions from Customer or unless required by applicable law.

7. International Transfers
  • KRYPT stores and processes EU Data in data centers located inside and outside the European Union. All other Customer Data may be transferred and processed in the United States and anywhere in the world where Customer, its Affiliates and/or its Sub-processors maintain data processing operations. KRYPT shall implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.
  • Notwithstanding Section 5.1, to the extent KRYPT processes or transfers (directly or via onward transfer) Personal Data under this DPA from the European Union, the European Economic Area and/or their member states and Switzerland (“EU Data”) in or to countries which do not ensure an adequate level of data protection within the meaning of applicable Data Protection Laws of the foregoing territories, Customer hereby authorizes any transfer of EU Data to, or access to EU Data from, such destinations outside the EU.
8. Return or Deletion of Personal Data
  • Upon termination or expiration of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent KRYPT is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data KRYPT shall securely isolate and protect from any further processing, except to the extent required by applicable law.